FoobarCTF 2025 - Writeup
Writeup for challenges from Foobar CTF 2025 held by Team Aavishkar.
CTFTime : https://ctftime.org/event/2720 ↗
✨ Misc
CryptoMix Madness
Description
A brilliant cryptographer once designed a secret verification system to protect valuable information. The system, known as CryptoMix Madness, uses a series of transformations to encode the final message.
To prove your cryptographic prowess, you must correctly apply some transformations.
Can you crack the code and claim the ultimate reward?
nc chall.foobarctf.nitdgplug.org 31337
Hint :
- Some transformations can be reversed, others cannot. Choose your methods wisely.
- If you can’t read it, maybe the alphabet has shifted?
Attachment : Hint.txt
Solve
To solve this challenge, we need to apply the transformations in the order written in Hint.txt. When I connected with netcat, it asked me some questions before giving the flag. So I used a tool that could help me solve the problem: CyberChef ↗. Just input the requested text, then apply the corresponding encoding method.
- Base64 of “FoobarCTF” = “Rm9vYmFyQ1RG”
- MD5 Hash of “GLUG” = d8d3b7ff9b42d918aa88ac1d3b654b33
- SHA-256 Hash of “UBUNTU” = 28ddb685efc574520b007ba79f0d3ae0746ee51401a1e894f8b86f1c1afec13d
- ROT13 of “LINUX” = “YVAHK”
- Hexadecimal representation of “OPEN_SOURCE” = 4f50454e5f534f55524345
Boom! I got the flag!
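The same five transformations can be answered without CyberChef. The script below is an added example, not part of the writeup or the challenge; it assumes the service asks in the shape `<transform> of "<text>"` (the exact wording of the real prompts is not reproduced above, so the regex is a guess) and also shows which of the transformations can be undone, which is what the first hint is about.

```python
import base64
import codecs
import hashlib
import re

# Assumed prompt shape, e.g. 'Base64 of "FoobarCTF"'. Both straight and curly
# quotes are accepted because the writeup renders them as curly quotes.
PROMPT = re.compile(
    r'(?P<op>Base64|MD5 Hash|SHA-256 Hash|ROT13|Hexadecimal representation)'
    r' of [“"](?P<text>[^”"]+)[”"]'
)

# Forward transformations, keyed by the name used in the prompt.
TRANSFORMS = {
    "Base64": lambda s: base64.b64encode(s.encode()).decode(),
    "MD5 Hash": lambda s: hashlib.md5(s.encode()).hexdigest(),
    "SHA-256 Hash": lambda s: hashlib.sha256(s.encode()).hexdigest(),
    "ROT13": lambda s: codecs.encode(s, "rot_13"),
    "Hexadecimal representation": lambda s: s.encode().hex(),
}

# Inverses exist only for the encodings; the two hashes are one-way.
INVERSES = {
    "Base64": lambda v: base64.b64decode(v).decode(),
    "ROT13": lambda v: codecs.decode(v, "rot_13"),
    "Hexadecimal representation": lambda v: bytes.fromhex(v).decode(),
}


def answer(prompt: str) -> str:
    """Parse one prompt line and return the value the service expects."""
    m = PROMPT.search(prompt)
    if not m:
        raise ValueError(f"unrecognised prompt: {prompt!r}")
    return TRANSFORMS[m.group("op")](m.group("text"))


def reverse(op: str, value: str):
    """Undo a transformation if it is reversible; None for the hashes."""
    inv = INVERSES.get(op)
    return inv(value) if inv else None


def solve_session(lines):
    """Answer every prompt of a (constructed) captured session in order."""
    return [answer(line) for line in lines]


# Constructed sample session mirroring the questions listed in the writeup.
SAMPLE_SESSION = [
    'Base64 of "FoobarCTF"',
    'MD5 Hash of "GLUG"',
    'SHA-256 Hash of "UBUNTU"',
    'ROT13 of "LINUX"',
    'Hexadecimal representation of "OPEN_SOURCE"',
]

if __name__ == "__main__":
    for prompt, reply in zip(SAMPLE_SESSION, solve_session(SAMPLE_SESSION)):
        print(f"{prompt} -> {reply}")
```

Wiring `answer` to a socket is deliberately left out, since the real service's line format is not shown in the writeup; pasting the printed answers by hand reproduces the CyberChef workflow.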
Flag:
```sh
GLUG{Crypto_Transformation_Master}
```
Silent Whispers
Description
A cryptic image was intercepted from an underground hacker forum—hearme.jpg. At first glance, it appears to be just an ordinary picture, but intelligence reports suggest otherwise.
The sender, known only as “GhostCipher,” is infamous for embedding secret messages in plain sight. Rumors say that critical information has been hidden within this image, accessible only to those who know where to look.
Can you decode the hidden message before it vanishes into the void?
Attachment : hearme.jpg
Solve
OK, let's see if this JPEG file has steganography in it. Extracting the hidden data yields a text file containing a link to Google Drive.
After that, just download the file. It's an audio file, and it sounds like something was written into its spectrogram. So I opened it with Audacity ↗ and switched the view mode to spectrogram. There is some barely readable text in it. It looks like Base64-encoded text; just decode it and you get the flag!
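To make it concrete why switching Audacity to the spectrogram view exposes the message, here is an added example (not from the writeup or the challenge) that hides a constructed 5x5 glyph in synthetic audio the way "spectrogram text" is hidden: each bitmap row is a fixed frequency bin, each column is one time frame, and a pixel is "on" when a sine at that bin is present in that frame. Decoding is a plain DFT per frame; the sample rate, window size and row bins are all constructed choices.

```python
import math

RATE = 8000                      # constructed sample rate (Hz)
N = 64                           # samples per frame = one spectrogram column
ROW_BINS = [20, 16, 12, 8, 4]    # one DFT bin per bitmap row; bin k is k*RATE/N Hz


def encode(bitmap):
    """Turn rows of '0'/'1' strings into float samples; one frame per column.

    A bin-k sine over exactly N samples completes k whole cycles, so its
    energy lands in a single DFT bin and the rows do not bleed into each other.
    """
    width = len(bitmap[0])
    samples = []
    for col in range(width):
        for n in range(N):
            s = 0.0
            for row, k in enumerate(ROW_BINS):
                if bitmap[row][col] == "1":
                    s += math.sin(2 * math.pi * k * n / N)
            samples.append(s)
    return samples


def dft_bin_magnitude(frame, k):
    """|X[k]| of one frame by direct summation (tiny inputs, no numpy needed)."""
    re = sum(x * math.cos(2 * math.pi * k * n / N) for n, x in enumerate(frame))
    im = -sum(x * math.sin(2 * math.pi * k * n / N) for n, x in enumerate(frame))
    return math.hypot(re, im)


def decode(samples):
    """Recover the bitmap: threshold each row bin in each frame.

    A unit sine gives |X[k]| = N/2, an absent one gives ~0, so N/4 separates them.
    """
    frames = [samples[i:i + N] for i in range(0, len(samples) - N + 1, N)]
    return [
        "".join("1" if dft_bin_magnitude(f, k) > N / 4 else "0" for f in frames)
        for k in ROW_BINS
    ]


def spectrogram_ascii(samples):
    """What the Audacity view shows: high frequency on top, time left to right."""
    return "\n".join(r.replace("1", "#").replace("0", ".") for r in decode(samples))


# Constructed message: the glyph "H" as a 5x5 bitmap.
MESSAGE = ["10001", "10001", "11111", "10001", "10001"]

if __name__ == "__main__":
    print(spectrogram_ascii(encode(MESSAGE)))
```

Real recordings need the `wave` module to read samples, a window function and overlapping frames to get a clean picture, which is exactly what Audacity's spectrogram view does for you; the principle of "text = which bins are lit in which frame" is the same.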
Flag:
```sh
GLUG{A@ud!o_3ncRypt_9x7#}
```
Lost Transmission
Description
A rogue operative was transmitting classified data when their signal was intercepted. Our analysts recovered only a single file from the transmission—final_challenge.mp3.
However, something feels off. No traces of audio data exist in the file, and attempts to play it result in static. The intelligence agency believes that the operative may have used unconventional methods to conceal the data.
Your mission is to uncover what lies within and retrieve the lost information before it disappears forever.
Hint :
- Layers upon layers—peel them back carefully.
- Not everything is as it seems. Look beyond the obvious.
Attachment : final_challenge.mp3
Solve
- Based on the hint, I think this file has a hidden file in it. So I just use `steghide` to extract it.
```sh
steghide extract -sf final_challenge.zip
```
- Then it gave me a file with a `.out` extension. It is actually a RAR file. Unrar it.
```sh
unar final_challenge.out.rar
```
- After that, I got a `flag.7z` file. After extracting the 7z file, it gave me `flag.tar.gz` (damn, what is with all these layers).
```sh
7z x flag.7z
tar -xvzf flag.tar.gz
```
- OK, extract it too and I got the last layer, `flag.zip`. Just unzip it and the real flag is shown.
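Each layer above was identified by hand from its extension (or, for the `.out` file, by guessing). The script below is an added example, not part of the writeup: it peels nested containers by magic bytes rather than by file name, unpacks the formats the Python standard library handles (zip, gzip, tar) and stops with a message for RAR and 7z, which need `unar` or `7z`. The nested sample it builds (flag.txt inside zip inside tar.gz inside zip) is constructed for the demo.

```python
from __future__ import annotations

import gzip
import io
import tarfile
import zipfile

# Leading bytes of the container formats involved (real, documented signatures).
MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
}
EXTERNAL = {"rar", "7z"}   # stdlib cannot open these; report instead of guessing


def sniff(data: bytes) -> str:
    """Identify a blob by its content, ignoring whatever extension it carries."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    # POSIX tar keeps its "ustar" marker at offset 257, not at offset 0.
    if len(data) > 262 and data[257:262] == b"ustar":
        return "tar"
    return "unknown"


def unwrap_once(data: bytes) -> tuple[str, bytes]:
    """Remove one container layer; returns (member name, member bytes).

    For multi-member archives only the first regular file is taken, which is
    enough for a chain where every layer wraps exactly one file.
    """
    kind = sniff(data)
    if kind == "gzip":
        return "<gzip payload>", gzip.decompress(data)
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            name = next(n for n in zf.namelist() if not n.endswith("/"))
            return name, zf.read(name)
    if kind == "tar":
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            member = next(m for m in tf.getmembers() if m.isfile())
            return member.name, tf.extractfile(member).read()
    raise ValueError(f"layer type {kind!r} is not handled here")


def peel(data: bytes, max_layers: int = 16) -> tuple[list[str], bytes]:
    """Strip layers until the payload is no longer a recognised container.

    Returns the trail of layers seen and the innermost bytes. The layer
    limit guards against a decompression bomb that nests forever.
    """
    trail: list[str] = []
    for _ in range(max_layers):
        kind = sniff(data)
        if kind == "unknown":
            return trail, data
        if kind in EXTERNAL:
            trail.append(f"{kind} (needs external tool)")
            return trail, data
        name, data = unwrap_once(data)
        trail.append(f"{kind}:{name}")
    raise ValueError(f"gave up after {max_layers} layers")


def build_sample() -> bytes:
    """Constructed nesting: flag.txt -> flag.zip -> flag.tar.gz -> outer zip."""
    inner = b"GLUG{constructed_sample_flag}"
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("flag.txt", inner)
    flag_zip = zbuf.getvalue()
    tbuf = io.BytesIO()
    with tarfile.open(fileobj=tbuf, mode="w:gz") as tf:
        info = tarfile.TarInfo("flag.zip")
        info.size = len(flag_zip)
        tf.addfile(info, io.BytesIO(flag_zip))
    obuf = io.BytesIO()
    with zipfile.ZipFile(obuf, "w") as zf:
        zf.writestr("flag.tar.gz", tbuf.getvalue())
    return obuf.getvalue()


if __name__ == "__main__":
    layers, payload = peel(build_sample())
    print(" -> ".join(layers))
    print(payload.decode())
```

Sniffing by magic is what `file(1)` does, and it is the check that would have told the author immediately that `final_challenge.out` was a RAR archive without renaming it first.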
Flag:
```sh
GLUG{UnZ1pp1nG_N1ghtmar3}
```
🔀 Reverse Engineering
Bitmap Mystery
Description
You have intercepted a mysterious BMP file, but its contents seem to be encoded. Your task is to analyze the given Python script and extract the hidden flag from flag.bmp.
Hint :
- The script reads flag.bmp and processes pixel data using bitwise operations.
- Pay close attention to how the script manipulates pixel intensity and encodes information—this might be a form of steganography!
Attachment : compressed_data and compressed.py
Solve
After analyzing the script, its output can be reversed with these steps:
- Read the BMP header (54 bytes) and compressed data.
- Reverse RLE: Expand bytes based on their count to reconstruct the XORed data.
- Reverse XOR (byte ^ 0xAA) to restore the original pixel data.
- Save the result (header + decompressed data).
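Why these steps undo the original is easier to see with both directions side by side. The block below is an added example, not the challenge's `compressed.py` or the writeup's solver: it reconstructs a forward "XOR then RLE" compressor from the steps above and pairs it with the inverse, so a round trip can be checked. The only detail the steps leave open, runs longer than 255 bytes, is handled by splitting them across several (byte, count) pairs, since a count must fit in one byte.

```python
import struct

XOR_KEY = 0xAA
HEADER_LEN = 54   # BITMAPFILEHEADER (14 bytes) + BITMAPINFOHEADER (40 bytes)


def rle_xor_compress(pixels: bytes) -> bytes:
    """XOR every byte with 0xAA, then run-length encode as (byte, count) pairs.

    Runs are capped at 255 because the count occupies a single byte; a longer
    run simply becomes several consecutive pairs with the same byte value.
    """
    xored = bytes(b ^ XOR_KEY for b in pixels)
    out = bytearray()
    i = 0
    while i < len(xored):
        b = xored[i]
        run = 1
        while i + run < len(xored) and xored[i + run] == b and run < 255:
            run += 1
        out += bytes((b, run))
        i += run
    return bytes(out)


def rle_xor_decompress(data: bytes) -> bytes:
    """Inverse: expand each (byte, count) pair, then undo the XOR."""
    if len(data) % 2:
        raise ValueError("compressed data ends with a dangling byte, not a pair")
    out = bytearray()
    for b, n in zip(data[::2], data[1::2]):
        out.extend([b ^ XOR_KEY] * n)
    return bytes(out)


def bmp_header(width: int, height: int, bpp: int = 24) -> bytes:
    """Minimal 54-byte BMP header; rows are padded to 4-byte multiples."""
    row = (width * bpp // 8 + 3) & ~3
    size = row * height
    file_header = struct.pack("<2sIHHI", b"BM", HEADER_LEN + size, 0, 0, HEADER_LEN)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                              0, size, 2835, 2835, 0, 0)
    return file_header + info_header


def pack_bmp(header: bytes, pixels: bytes) -> bytes:
    """What the challenge file looks like: untouched header, transformed pixels."""
    return header[:HEADER_LEN] + rle_xor_compress(pixels)


def unpack_bmp(blob: bytes) -> bytes:
    """The writeup's recovery, on bytes instead of files."""
    return blob[:HEADER_LEN] + rle_xor_decompress(blob[HEADER_LEN:])


# Constructed 4x2 image: one white row, one row with a black and a red pixel.
SAMPLE_PIXELS = bytes([0xFF] * 12) + bytes([0, 0, 0, 0, 0, 0xFF]) + bytes([0xFF] * 6)

if __name__ == "__main__":
    original = bmp_header(4, 2) + SAMPLE_PIXELS
    squeezed = pack_bmp(original[:HEADER_LEN], original[HEADER_LEN:])
    print(len(original), "->", len(squeezed), "bytes; round trip ok:",
          unpack_bmp(squeezed) == original)
```

The XOR layer adds no secrecy on its own (the key is a constant in the script), which is why the writeup could invert it directly; RLE is lossless, so the pixel data comes back exactly.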
Here is the script:
```python
def decompress_bmp(input_file, output_file):
    with open(input_file, "rb") as f:
        header = f.read(54)        # BMP header (first 54 bytes)
        compressed_data = f.read()  # Read compressed pixel data

    decompressed_data = bytearray()

    # Reverse the run-length encoding (RLE)
    i = 0
    while i < len(compressed_data):
        byte = compressed_data[i]
        count = compressed_data[i + 1]
        decompressed_data.extend([byte] * count)
        i += 2  # Move to the next (byte, count) pair

    # Reverse the XOR transformation
    original_data = bytearray(b ^ 0xAA for b in decompressed_data)

    with open(output_file, "wb") as f:
        f.write(header)         # Write BMP header
        f.write(original_data)  # Write decompressed pixel data

    print(f"Decompression complete. Decompressed size: {len(original_data)} bytes")


if __name__ == "__main__":
    decompress_bmp("compressed_data", "decompressed_flag.bmp")
```
Flag:
```sh
GLUG{Bm9_R8VreVers3}
```
🌐 Web Exploitation
Silent Override
Description
The system trusts its tokens a little too much. An /api/admin endpoint hides the flag, but your token says you’re not worthy. Can you bend the rules and claim what’s hidden?
Solve
This is the first look at the web challenge.
There is a login form. So the first thing I did was try to log in with a random username and password. It gives me a JWT token underneath. Hmm, interesting. I tried decoding the JWT token with JWT.io ↗: just paste the token, and it showed that the value of the “admin” attribute is false. OK, I changed the ‘admin’ value to true and copied the newly encoded JWT token. Back on the website, I opened the inspector / dev tools (“Ctrl+Shift+I”). There is a commented-out piece of code in the login form. It looks like a button that submits admin data.
After that, I tried to input my new JWT token by removing the “readonly” attribute from the input field. Then I clicked the button. And… I got the flag.
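The writeup does not show the server side, so it cannot tell us why the edited token was accepted; the common cause is that the claims are read without the signature being checked. The block below is an added example, not the challenge's code: a minimal HS256 mint/verify pair using only the standard library, with `flip_admin` reproducing the JWT.io edit from above (payload changed, old signature kept) so that the verify step can be seen rejecting it. The key and claims are constructed.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def mint(claims: dict, key: bytes) -> str:
    """Issue an HS256 token: base64url(header).base64url(payload).base64url(sig)."""
    header = b64url(_json({"alg": "HS256", "typ": "JWT"}))
    payload = b64url(_json(claims))
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify(token: str, key: bytes) -> dict | None:
    """Return the claims only if the signature is valid; None otherwise.

    The algorithm is pinned server-side rather than read from the token, so
    an 'alg: none' header or a swapped algorithm is refused before any
    signature comparison happens.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def authorize_admin(token: str, key: bytes) -> bool:
    """The check /api/admin should make: verified claims, then the admin flag."""
    claims = verify(token, key)
    return bool(claims) and claims.get("admin") is True


def flip_admin(token: str) -> str:
    """What editing the payload in JWT.io without the key produces:
    new payload, old signature. A verifying server rejects it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["admin"] = True
    return f"{header_b64}.{b64url(_json(claims))}.{sig_b64}"


# Constructed server secret and a constructed guest login.
KEY = b"constructed-demo-secret"
GUEST = mint({"user": "guest", "admin": False}, KEY)

if __name__ == "__main__":
    print("guest token admin?   ", authorize_admin(GUEST, KEY))
    print("edited token admin?  ", authorize_admin(flip_admin(GUEST), KEY))
    print("real admin token?    ", authorize_admin(mint({"user": "root", "admin": True}, KEY), KEY))
```

`hmac.compare_digest` keeps the signature comparison constant-time, and pinning `alg` on the server is the standard guard against the `none` and key-confusion variants of the same mistake; the readonly attribute and the hidden button in the page are client-side decoration and never count as a control.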
Flag:
```sh
GLUG{JWT_Manipulation_Success}
```
Thanks for reading this writeup. If you want to support me, buy me a coffee here ↗.